Privacy Policy
Last updated: February 4, 2026 | Effective: February 4, 2026
1573341 B.C. Ltd. (operating as S4mple) ("Company," "we," "us," or "our") operates S4 (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.
We are committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation in British Columbia, Canada.
1. Information We Collect
1.1 Information You Provide
When you create an account or use certain features, we collect:
- Account Information: Email address, username (optional), and password (stored as a secure hash)
- User Content: Flashcards, notes, and other content you create
- Uploaded Files: Images and other media you upload for image occlusion or other features
1.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Usage Data: Flashcard count, storage usage, review history, and AI feature usage (token counts)
- Session Data: Session tokens and device identifiers for authentication
- Technical Data: IP address, browser type, and operating system (for security and troubleshooting)
1.3 Information from Third Parties
We receive information from third-party service providers:
- Stripe: Subscription status, billing information, and payment history
1.4 Local-Only Data
Important: If you use only the desktop application without cloud sync, your data remains entirely on your local device. We do not have access to locally-stored flashcards, notes, or files unless you explicitly enable cloud synchronization.
2. How We Use Your Information
We use your personal information to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Synchronize your content across devices (if enabled)
- Process payments and manage subscriptions
- Provide AI-powered features (OCR, semantic search) when requested
- Send transactional emails (password resets, account notifications)
- Enforce our Terms of Service and protect against misuse
- Respond to your inquiries and provide customer support
- Comply with legal obligations
3. Data Sharing and Third Parties
We share your information with the following third-party service providers who help us operate the Service:
| Service | Data Shared | Purpose |
|---|---|---|
| Stripe | Email, billing info, usage metrics | Payment processing |
| OpenAI | Text and image content (when using AI features) | OCR, semantic embeddings |
| Resend | Email address | Transactional emails |
| Cloudflare R2 | Uploaded images and files | Cloud storage |
| Neon | All account and content data | Database hosting |
We may also disclose your information:
- When required by law, court order, or governmental request
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets
We do not sell your personal information to third parties.
3.1 OpenAI Data Processing
When you use AI-powered features (OCR, semantic search), your content is sent to OpenAI for processing. Important details about OpenAI's data handling:
- No Training: According to OpenAI's API terms, data submitted via their API is not used to train or improve their models
- Retention: OpenAI may retain API data for up to 30 days for abuse and misuse monitoring purposes, after which it is deleted
- Opt-Out: You can avoid OpenAI processing by not using AI features; standard cloud sync does not involve OpenAI
For more details, see OpenAI's API data usage policies at openai.com/policies.
4. Data Storage and Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: All data is transmitted over HTTPS/TLS
- Password Security: Passwords are hashed using Argon2, a secure hashing algorithm
- Token Security: Session and API tokens are hashed before storage
- Access Controls: Access to user data is restricted to authorized personnel
- Infrastructure: We use reputable cloud providers with strong security practices
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
4.1 Data Breach Notification
In the event of a data breach that poses a real risk of significant harm to you, we will:
- Notify affected users as soon as feasible
- Report the breach to the Office of the Privacy Commissioner of Canada as required by PIPEDA
- Provide information about what data was affected and steps being taken to address the breach
You can report suspected security incidents or data breaches to privacy@s4mple.com.
5. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Policy:
- Account Data: Retained while your account is active
- User Content: Retained while your account is active; deleted upon account deletion
- Session Data: Sessions expire after 30 days of inactivity
- API Tokens: Expire after 90 days
- Password Reset Tokens: Expire after 1 hour
- Billing Records: Retained as required by tax and accounting laws
Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law (e.g., billing records for tax purposes).
6. Your Rights
Under PIPEDA and applicable privacy laws, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Data Portability: Request your data in a structured, commonly used, machine-readable format (JSON)
- Withdrawal of Consent: Withdraw consent for data processing where consent is the legal basis
- Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada
6.1 Consequences of Consent Withdrawal
If you withdraw consent for data processing:
- We will stop processing your personal information for the purposes you have withdrawn consent for
- This may affect your ability to use certain features of the Service that require data processing
- Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
- Some data may be retained where we have a legal obligation or legitimate interest to do so
6.2 How to Exercise Your Rights
To exercise any of the rights listed above:
- Email us at privacy@s4mple.com with:
  - Your full name and registered email address
  - The specific right you wish to exercise (access, correction, deletion, etc.)
  - Any relevant details or specific data you're inquiring about
- Identity Verification: We will verify your identity by sending a confirmation code to your registered email address
- Response Timeline: We will respond within 30 days of verifying your identity
- Fees: We do not charge fees for reasonable requests. Excessive or repetitive requests may incur reasonable administrative fees, which we will notify you about before proceeding
- Data Format: Data exports (portability requests) are provided in JSON format (machine-readable and commonly used)
Self-Service Options
You can access and update much of your information directly through your account settings, including deleting your account. To request a data export, please contact us.
8. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than Canada, including the United States, where our service providers operate. These countries may have different data protection laws than Canada.
When we transfer your information internationally, we take steps to ensure it receives an adequate level of protection, including using contractual safeguards with our service providers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes (if we have your email)
Your continued use of the Service after any changes constitutes acceptance of the updated Policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
1573341 B.C. Ltd.
Privacy Officer
British Columbia, Canada
Email: privacy@s4mple.com
You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca